In what should be the last entry in this series, we'll cover a late addition to port unification. As I mentioned earlier, GlassFish 3.1 isn't adding support for port unification, we're simply introducing commands to make it accessible to people beside GlassFish hackers. As often happens, though, once these commands were revealed to the wider community, one of the first questions was "How can I redirect to a different port?" The short answer used to be "you can't." But thanks to Ryan Lubke, now you can and we'll see how below.
The steps are pretty similar to what we've seen so far. There are 4 different use cases covered here. HTTP->HTTPS (and vice versa), and redirecting on the same or a different port. In the steps listed below, I've tried to reuse existing elements of the config as much as possible to avoid polluting the configuration file with too much cruft. However, in some cases it was simpler to just create new structures because of some validation checks asadmin performs to try to prevent invalid configurations from cratering your instance.

A few of the options on the create-ssl commands you could probably remove if you'd like. I added them simply to make the created structures match the default ones to reduce any confusion and clutter while looking at the resulting domain.xml.

Pick the scenario you need and cut and paste the relevant part of the above script into your terminal window and let glassfish do the rest. You can verify your set up by using wget -S to request index.html at the end of whichever url you need and look at the header responses to make sure you're properly getting the relocation information. For example, if you're doing https -> http redirection on different ports, you'd do (and see) this:

There you go. Redirecting HTTPS on 8181 to HTTP on 8080. It's that easy. At this point I feel I should point out that redirect from secure to nonsecure connections is almost always a monumentally bad idea but I'm sure there are a handful of uses for it. Regardless, these 4 use cases should cover anything you might need. These steps require a nightly build of GlassFish 3.1 but if you're already using/experimenting with those builds, please try it out. Let us know if you have any issues on the users list and we'd be happy to help.

With this third installment, we're getting to the most interesting feature: serving multiple protocols on one port. The uses of this are fairly obvious: simpler administration, easier on firewalls, etc. Many of the elements we've already seen and so should be fairly familiar. We'll simply build on things we've seen and take them just one step further. In this simple demo, we'll be serving up HTTP traffic and a "dummy" protocol. We'll look at at the code needed to implement this protocol once we cover how to configure it.
The first step we need to is to copy the attached protocol zip file in to GlassFish so it's ready for us to use. Once you've downloaded the zip file, copy it to <glassfish>/domains/domain1/autodeploy/bundles/. (You might need to create this directory first.) If you're watching the server logs, you'll notice in a few seconds that GlassFish has detected the file and has deployed it. With that done, we can configure the system to serve up that protocol.

As you can see the steps here are almost identical to what we've done in the past. In this case, we're reusing the http-listener-1 <protocol> definition and pointing the HttpProtocolFinder there. This is the default protocol definition that ships with GlassFish. We're creating a new protocol definition for the dummy protocol and creating the finder and filter for the protocol. As a last step, we update the http-listener-1 <network-listener> to use the new pu-protocol we defined. And with that we're ready to test.

The HTTP test is simple enough: point your browser and http://localhost:8080. You should seen the standard GlassFish welcome (or an app if you've deployed one to that location). Testing the dummy protocol is a little more involved but not too bad. The protocol is simple enouugh. It looks for the text dummy-protocol and then responds with Dummy-Protocol-Response. If you have the nc command installed, you can simply do this:

echo dummy-protocol | nc localhost 8080

If not, you can you the telnet command. Simply telnet into localhost port 8080 and and the prompt enter dummy-protocol and hit the enter key. The server will respond with Dummy-Protocol-Response. Then you know you're done. We've seen this kind of configuration several times before. Let's look at the code that drives.

The first player in all this is the finder. This code detects the dummy protocol and responds accordingly. The finder looks like this:

This code simply scans the incoming bytes looking for "dummy-protocol." if it can't find it, it returns null telling the underlying grizzly code to keep looking. If it finds it, returns that string to the caller signifying it's found the protocol. At that point, control gets handed off to the DummyProtocolFilter:

The filter is simple enough. It just prints back the text we've been expecting. When it's done it returns false to show that execution is finished and the response can be closed out. Obviously a more complex protocol would require a more complex filter, but this is the basis of any such filter.

That's all it takes. If you wanted to serve up more protocols, you'd simply add more filters and finders as needed.

It's taken more time to get back to this topic but it's time. In part 1, I covered how to set up GlassFish to push all HTTP traffic to HTTPS. In this post, I'll show you how to set up the reverse. In the next post, I'll cover how to configure GlassFish to serve up multiple protocols from the same port. The steps are basically the same so this will be a short one. Similar to last time, we'll issue a few simple commands:

This should familiar if you've read part 1. We do a little extra work to set up some ssl config elements primarily to preserve the standard settings in case you want to roll back these changes when you're done. If you do, you simply need to delete those new protocol elements.

As you can see, the https request received an initial 302 response pushing off to the http url which then returns the 200 response we'd expect. To verify even further, use wget to fetch the http url and you'll see something like this:

That's it. As promised, short and sweet. Currently this approach does not allow you redirect to a different port number. We have added a new configuration element that simplifies this setup and allows for cross-port redirects. However since there isn't asadmin support for it yet, I'll defer discussion until we can get those commands written. That's in the works so it should be in the next week or two.

With that, though, I'll wrap this one up and start working on the more interesting Part 3.